Lucene search
K

10 matches found

RedHat Linux
RedHat Linux
added yesterday4 views

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

8.1CVSS6.5AI score0.01131EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.11 views

TencentOS Server 3: ruby:3.3 (TSSA-2026:0546)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0546 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

8.1CVSS6.4AI score0.01131EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/26 7:42 a.m.20 views

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

8.1CVSS6.3AI score0.01131EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/26 7:37 a.m.13 views

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

8.1CVSS6.3AI score0.01131EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/18 1:12 p.m.9 views

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

8.1CVSS6.3AI score0.01131EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/16 12:0 a.m.14 views

Amazon Linux 2023 : ruby3.4, ruby3.4-bundled-gems, ruby3.4-default-gems (ALAS2023-2026-1690)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1690 advisory. ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB...

8.1CVSS6AI score0.01131EPSS
Exploits0References4
NVD
NVD
added 2026/04/24 3:16 a.m.5 views

CVE-2026-41316

ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...

8.1CVSS0.01131EPSS
Exploits0References16
OSV
OSV
added 2026/04/24 3:16 a.m.9 views

UBUNTU-CVE-2026-41316

ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...

8.1CVSS6.2AI score0.01131EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/24 2:35 a.m.31 views

CVE-2026-41316 ERB has an @_init deserialization guard bypass via def_module / def_method / def_class

ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...

8.1CVSS0.01131EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 2:35 a.m.3 views

CVE-2026-41316

ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...

8.1CVSS6.2AI score0.01131EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder